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REMARKS 

Prior to entry of this amendment, Claims 1-21 were pending in this application, 
with all claims standing rejected. No claims are canceled and no claims are added. 
Hence, Claims 1-21 are presently pending in this application. 

SUMMARY OF OFFICE ACTION 
Claims 1, 2, 6, 7, 9, 10, 13-15 and 19-21 were rejected under 35 U.S.C. §103(a) as 
allegedly unpatentable over Kekic et al. ("Kekic"; U.S. Pat. No. 6,664,978) in view of 
Paulsen et al. ("Paulsen"; U.S. Pat. No. 6,055,575); Claims 3 and 16 were rejected under 
35 U.S.C. §103(a) as allegedly unpatentable over Kekic in view of Paulsen, in further 
view of RFC 2571, "An Architecture for Describing SNMP Management Frameworks", 
written by D. Harrington ("Harrington"); Claims 4, 8, 11 and 17 were rejected under 35 
U.S.C. § 103(a) as allegedly unpatentable over Kekic in view of Paulsen, in further view 
of RFC 2575, "View -based Access Control Model for the Simple Network Management 
Protocol", written by B. Wijnen ("Wijnen"); Claims 5, 12 and 18 were rejected under 35 
U.S.C. § 103(a) as allegedly unpatentable over Kekic in view of Paulsen, in further view 
of Luciani et al. ("Luciani"; U.S. Pat. No. 6,614,791); and Claim 21 was rejected under 
35 U.S.C. § 103(a) as allegedly unpatentable over Kekic in view of Luciani. 
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REJECTIONS BASED ON PRIOR ART 
Rejections under 35 U.S.C. § 103(a) 

(1) Claims 1. 2. 6. 7. 9. 10. 13-15 and 19-21 

The Office Action rejected Claims 1, 2, 6, 7, 9, 10, 13-15 and 19-21 under 35 
U.S.C. § 103(a) as allegedly unpatentable over Kekic in view of Paulsen. This rejection is 
traversed. 

(A) Introduction 

The Office Action did not establish a prima facie case of obviousness with respect 
to Claims 1, 2, 6, 7, 9, 10, 13-15 and 19-21, as discussed hereafter. Generally, Kekic is 
directed to network management and Paulsen is directed to virtual private networks. 
However, there is no teaching or suggestion in the references, either independently or 
collectively, that would motivate one skilled in the art to attempt to combine teachings 
from the respective references to achieve the subject matter claimed. Furthermore, no 
combination of teachings from the cited references teaches or suggests each and every 
feature recited in these claims. 

Examination of patent claims requires that a claim be examined in its entirety, as 
a whole . It is well-settled law that "[i]t is impermissible to use the claimed invention as 
an instruction manual or 'template' to piece together the teachings of the prior art so that 
the claimed invention is rendered obvious" and that "[o]ne cannot use hindsight 
reconstruction to pick and choose among isolated disclosures in the prior art to deprecate 
the claimed invention." In re Fritch , 972 F.2d 1260 (Fed. Cir. 1992), quoting In re Fine , 
837 F.2d 1071, 1075 (Fed. Cir. 1988). 



14 



Ser. No. 09/87 7,548-Nadeau- June 8, 2001 

GAU2151 (B.Tiv) 

Attorney Docket No. 50325-0571 

It appears that the Office Action is not examining Claim 1 as a whole, and uses 
the embodiment of Claim 1 as a template to piece together alleged teachings of the prior 
art to allege Claim 1 is obvious. When interpreted as a whole, Claim 1 recites, inter alia, 
a method in which a particular VPN is identified from a management protocol operation 
request so that a subset of managed objects associated with network devices participating 
in that particular VPN can be identified . Consequently, access to managed objects on 
network devices can be controlled in a secure manner, consistent with the security 
provided by the virtual private network. 

Applicants are not attempting to claim virtual private networks, per se, or network 
management, per se. Rather, the claimed subject matter describes particular ways in 
which to ensure that particular managed objects (e.g., from an SNMP MIB) are accessible 
only by devices that are participating in a VPN that is associated with the particular 
managed objects. 

(B) Independent Claims 1, 14, 19 and 20 

The Office Action relies on the disclosure of Kekic for the subject matter related 
to network management. 

Figs. l-5c of Kekic are relied upon by the Office Action for a teaching of the 
preamble of Claim 1, namely for a teaching of controlling access of network management 
requests directed to network devices that participate in a virtual private network (VPN). 
Neither Figs. l-5c nor any other part of Kekic even mentions VPNs. Hence, Kekic could 
not and does not provide a teaching of identifying a subset of managed objects that 
requests associated with the virtual private network are permitted to access . 
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The Office Action moves to Paulsen for an alleged teaching of determining a 
VPN identifier in the request. However, the cited passage of Paulsen (col. 7, lines 31-39) 
merely describes what is a typical challenge/response communication associated with an 
authentication phase in establishing a virtual private network (VPN). Significantly, 
Paulsen teaches nothing about the use of a VPN identifier in a management protocol 
operation request . The mere reference to a VPN authentication phase between a client 
and a server, which is not the same as including a VPN identifier in a network 
management operation request, does not meet the standard required of a reference for its 
alleged contribution to an obviousness rejection. Therefore, the disclosed subject matter 
of the cited references does not meet the standard required for a prima facie obviousness 
rejection. 

It is this inclusion of VPN identifiers in a network management operation request, 
to facilitate identification of a subset of objects, which provides the mechanism for 
maintaining the security of managed objects corresponding to the VPN, without having to 
modify standard MIB structure. Hence, requests associated with a particular VPN , i.e., 
the VPN identified in the request, are limited to accessing particular managed objects 
(e.g., from MIBs) that are mapped to corresponding VPN identifiers {see, e.g., the 
respective mappings recited in Claims 2, 3, 5, 6). 

Furthermore, it is this inclusion of VPN identifiers in a network management 
operation request, and its particular use in facilitating identification of a subset of objects 
whose access is limited to requests associated with a corresponding VPN, that is not 
taught or suggested in the combined teachings of Kekic and Paulsen. Disparate 
disclosures involving, generally, establishing and accessing VPNs {Paulsen) and a client- 
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server network management system (Keltic), do not provide the required teachings nor 
the required impetus to combine the available teachings of these references which would 
make obvious to one skilled in the art the subject matter recited in Claim 1 . The Office 
Action is impermissibly using the disclosure of the present application in hindsight to 
reconstruct the claimed subject matter, where the references relied upon for the rejection 
of the claims simply do not teach the subject matter recited in Claim 1, as shown above. 
Therefore, in view of the foregoing, Claim 1 is patentable over the cited references of 
record. 

Claim 1 is amended herein, not for reasons related to patentability, but generally 
in order to further emphasize the previously recited relationship between the network 
management request and the corresponding managed objects associated with network 
devices participating in the VPN that is referenced in the request. Thus, this further 
emphasis imparted into Claim 1 does not narrow the claimed subject matter and is 
tangential to any equivalents of the corresponding claim elements and, therefore, should 
not trigger prosecution history estoppel under the Festo line of case law. 

Independent Claims 14, 19 and 20 recite subject matter that is generally similar to 
that of Claim 1, but recited in different claim formats. Therefore, Claims 14, 19 and 20 
are patentable over the cited references of record for at least the same reasons as Claim 1 . 
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(C) Independent Claims 9 and 21 

Independent Claims 9 and 21 recite some features that are similar enough to 
Claim 1 that the arguments presented herein in reference to Claim 1 also apply to Claims 
9 and 21. 

Generally, Claim 9 recites the use of a VPN identifier in a management protocol 
operation request . More specifically, Claim 9 recites use of a VPN identifier, embodied 
in a security name value within a network management protocol operation request, for 
matching with an associated MIB view, in a view-based access control model that 
corresponds with the operation, for managing the processing of such operations on 
managed objects in the MIB. The cited references do not teach any use of a VPN 
identifier within a network management protocol operation request. Therefore, Claim 9 
is patentable over the cited references of record. 

Generally, Claim 21 recites the use of a VPN identifier in an SNMP request . 
More specifically, Claim 21 recites use of a VPN identifier, embodied in an SNMP 
request, for identifying particular VPN-associated managed objects from a MIB that is 
associated with a network device participating in multiple VPNs . The cited references do 
not teach any use of a VPN identifier within a network management protocol operation 
request, to manage access to managed objects based on specified VPN associations. 
Therefore, Claim 21 is patentable over the cited references of record. 
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(D) Dependent Claims 2. 6. 7, 10, 13, and 15 

Dependent claims 2, 6, 7, 10, 13, and 15 depend, either directly or indirectly, from 
Claims 1,9, 14, and 20. Therefore, these claims are patentable over Kekic and Paulsen 
for at least the same reasons as the claims from which these claims depend. 

Furthermore, each of these claims recites additional features that place the 
respective claim in condition for allowance over the cited references of record. For 
example, neither Kekic nor Paulsen disclose the specific use of SNMPv3 securitvName 
values to identify corresponding VPNs , for use in limiting access to certain managed 
objects in accordance with the corresponding VPN-based security, such as in Claim 7. 

(2) Claims 3 and 16 

The Office Action rejected Claims 3 and 16 under 35 U.S.C. § 103(a) as allegedly 
unpatentable over Kekic in view of Paulsen, in further view of Harrington. This 
rejection is traversed. 

Dependent Claims 3 and 16 depend from Claims 1 and 14, respectively. The 
Office Action again relies on Kekic and Paulsen for a teaching of the features of Claims 1 
and 14. However, the cited references do not meet the standard for establishing a prima 
facie case of obviousness with respect to Claims 3 and 16 because the cited references do 
not collectively teach or suggest each and every feature recited in these claims, as 
discussed herein primarily in reference to Claim 1. Furthermore, Harrington does not 
cure the deficiencies in the teachings of Kekic and Paulsen. Therefore, Claims 3 and 16 
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are patentable over Kekic, Paulsen, and Harrington for at least the same reasons as the 
claims from which these claims depend. 

In addition, Claims 3 and 16 recite additional features that are not taught or 
suggested in the cited references. For example, Harrington does not teach mapping VPN 
identifiers to views of subsets of managed objects by associating, in entries in a view- 
based access control model (VACM), SNMPv3 securityName values to corresponding 
MLB Views . Rather, the cited passage of Harrington merely and generally describes the 
use of securityName values to represent principals , on whose behalf SNMP services are 
provided or processing takes place. Harrington does not come close to describing the 
specific use of securityName values to identify a VPN , from which a subset of 
corresponding managed objects are identified, as in the embodiment recited in Claims 3 
and 16 and summarized above. 

(3) Claims 4, 8, 11 and 17 

Claims 4, 8, 1 1 and 17 were rejected under 35 U.S.C. §103(a) as allegedly 
unpatentable over Kekic in view of Paulsen, in further view of Wijnen. This rejection is 
traversed. 

Dependent Claims 4, 8, 1 1 and 17 depend directly or indirectly from Claims 1, 9 
or 14. The Office Action again relies on Kekic and Paulsen for a teaching of the features 
of Claims 1, 9 and 14. However, the cited references do not meet the standard for 
establishing a prima facie case of obviousness with respect to Claims 4, 8, 1 1 and 17 
because the cited references do not collectively teach or suggest each and every feature 
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recited in these claims, as discussed herein primarily in reference to Claim 1 . 
Furthermore, Wijnen does not cure the deficiencies in the teachings of Kekic and Paulsen. 
Therefore, Claims 4, 8, 1 1 and 17 are patentable over Kekic, Paulsen, and Wijnen for at 
least the same reasons as the claims from which these claims depend. 

In addition, Claims 4, 8, 11 and 17 recite additional features that are not taught or 
suggested in the cited references. For example, Wijnen does not teach associating VPN 
identifiers with SNMPv3 securityName values, in entries in a view-based access control 
model (VACM) that associates securityName values to corresponding MEB Views , as 
recited in Claims 4 and 17. Rather, the cited passage of Wijnen generally describes the 
use of MD3 Views in relation to access rights, and access policies in the context of the 
VACM . Wijnen does not describe the specific use of VACM and securityName values to 
identify a VPN, as in the embodiment recited in Claims 4 and 17 and summarized above. 

(4) Claims 5, 12 and 18 

Claims 5, 12 and 18 were rejected under 35 U.S.C. §103(a) as allegedly 
unpatentable over Kekic in view of Paulsen, in further view of Luciani. This rejection is 
traversed. 

Dependent Claims 5, 12 and 18 depend directly or indirectly from Claims 1, 9 or 
14, respectively. The Office Action again relies on Kekic and Paulsen for a teaching of 
the features of Claims 1, 9 and 14. However, the cited references do not meet the 
standard for establishing a prima facie case of obviousness with respect to Claims 5, 12 
and 18 because the cited references do not teach or suggest each and every feature recited 
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in these claims, as discussed herein primarily in reference to Claim 1. Furthermore, 
Luciani does not cure the deficiencies in the teachings of Kekic and Paulsen. Therefore, 
Claims 5, 12 and 18 are patentable over Kekic, Paulsen, and Luciani for at least the same 
reasons as the claims from which these claims depend. 

In addition, Claims 5, 12 and 18 recite additional features that are not taught or 
suggested in the cited references. For example, Luciani does not teach identifying a MIB 
variable referenced in the request, and determining whether the management protocol 
operation of the request is allowed for the variable based on one or more views 
referenced in a mapping of VPNs to corresponding views of subsets of managed objects , 
as recited in Claims 5, 12 and 18. Rather, the cited passage of Luciani describes 
identifying a VPN from a packet, for adding/deleting a VPN from a MPOA/NHRP 
network . 

(5) Claim 21 

Claim 21 was rejected under 35 U.S.C. § 103(a) as allegedly unpatentable over 
Kekic in view of Luciani. This rejection is traversed. 

The Office Action relies on Kekic and Luciani for a teaching of the features of 
Claim 21. However, the cited references do not meet the standard for establishing a 
prima facie case of obviousness with respect to Claim 21 because the cited references do 
not teach or suggest each and every feature recited in these claims, as discussed herein 
primarily in reference to Kekic and Claim 1 . Furthermore, there is no teaching or 
suggestion in Kekic and/or Luciani, either independently or collectively, that would 
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motivate one skilled in the art to attempt to combine teachings from the respective 
references to successfully achieve the subject matter claimed. Furthermore, no 
combination of teachings from the cited references teaches or suggests each and every 
feature recited in these claims. 

Generally, Claim 21 recites the use of a VPN identifier in an SNMP request . 
More specifically, Claim 21 recites use of a VPN identifier, embodied in an SNMP 
request, for identifying particular VPN-associated managed objects from a MIB that is 
associated with a network device participating in multiple VPNs . Neither Kekic nor 
Luciani teach any use of a VPN identifier within a network management protocol 
operation request, to manage access to managed objects based on specified VPN 
associations. As shown above, Kekic does not disclose any subject matter related to 
VPNs. Luciani does disclose identifying a VPN in a packet (via a tagging mechanism or 
header; see Abstract) so that packets from multiple VPNs can be multiplexed. However, 
Luciani does not teach or suggest identifying a VPN in an SNMP request message , for 
use in identifying particular VPN-associated managed objects from a MIB that is 
associated with a network device participating in multiple VPNs, as recited in Claim 21. 
Therefore, Claim 21 is patentable over the cited references of record. 



CONCLUSION 

For at least the reasons indicated above, Applicants submit that all of the pending 
claims (1-21) present patentable subject matter over the references of record, and are in 
condition for allowance. Therefore, Applicants respectfully request that a timely Notice 
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of Allowance be issued in this case. If the Examiner has questions regarding this case, 
the Examiner is invited to contact Applicant's undersigned representative. 

To the extent necessary, a petition for an extension of time under 37 C.F.R. 
§1.136 is hereby made. Please charge any shortages in fees due in connection with the 
filing of this paper, including extension of time fees, or credit any overages to Deposit 
Account No. 50-1302. 

Respectfully Submitted, 



HICKMAN PALERMO TRUONG & 
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